Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for applying a set of policy rules to network traffic, the method comprising: evaluating, by using a processor, conditions specified in the set of policy rules, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression; selecting a subset of policy rules whose conditions evaluated as true; selecting a highest precedence policy rule from the subset of policy rules by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities; and performing an action specified in the highest precedence policy rule.
2. The method of claim 1 , wherein the set of variables includes one or more of: a user variable that corresponds to a user, an application variable that corresponds to an application, a network segment variable that corresponds to a network segment, or a timeframe variable that corresponds to a timeframe.
3. The method of claim 1 , wherein the action includes one or more of: path selection, encryption, Quality of Service (QoS), and drop.
4. The method of claim 1 , wherein each condition belongs to a condition category that is one of: an application category, a user category, a segment category, or a timeframe category.
5. The method of claim 4 , wherein the precedence order in decreasing precedence is as follows: conditions in the application category, conditions in the user category, conditions in the segment category, and conditions in the timeframe category.
6. The method of claim 5 , wherein within a given category, conditions with more specificity have higher precedence than conditions with lower specificity.
7. A non-transitory storage medium storing instructions that, when executed by a processor, cause the processor to perform a method for applying a set of policy rules to network traffic, the method comprising: evaluating conditions specified in the set of policy rules, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression; selecting a subset of policy rules whose conditions evaluated as true; selecting a highest precedence policy rule from the subset of policy rules by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities; and performing an action specified in the highest precedence policy rule.
8. The non-transitory storage medium of claim 7 , wherein the set of variables includes one or more of: a user variable that corresponds to a user, an application variable that corresponds to an application, a network segment variable that corresponds to a network segment, or a timeframe variable that corresponds to a timeframe.
9. The non-transitory storage medium of claim 7 , wherein the action includes one or more of: path selection, encryption, Quality of Service (QoS), and drop.
10. The non-transitory storage medium of claim 7 , wherein each condition belongs to a condition category that is one of: an application category, a user category, a segment category, or a timeframe category.
11. The non-transitory storage medium of claim 10 , wherein the precedence order in decreasing precedence is as follows: conditions in the application category, conditions in the user category, conditions in the segment category, and conditions in the timeframe category.
12. The non-transitory storage medium of claim 11 , wherein within a given category, conditions with more specificity have higher precedence than conditions with lower specificity.
13. An apparatus, comprising: a processor; and a non-transitory storage medium storing instructions that, when executed by the processor, cause the processor to perform a method for applying a set of policy rules to network traffic, the method comprising: evaluating conditions specified in the set of policy rules, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression; selecting a subset of policy rules whose conditions evaluated as true; selecting a highest precedence policy rule from the subset of policy rules by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities; and performing an action specified in the highest precedence policy rule.
14. The apparatus of claim 13 , wherein the set of variables includes one or more of: a user variable that corresponds to a user, an application variable that corresponds to an application, a network segment variable that corresponds to a network segment, or a timeframe variable that corresponds to a timeframe.
15. The apparatus of claim 13 , wherein the action includes one or more of: path selection, encryption, Quality of Service (QoS), and drop.
16. The apparatus of claim 13 , wherein each condition belongs to a condition category that is one of: an application category, a user category, a segment category, or a timeframe category.
17. The apparatus of claim 16 , wherein the precedence order in decreasing precedence is as follows: conditions in the application category, conditions in the user category, conditions in the segment category, and conditions in the timeframe category.
18. The apparatus of claim 17 , wherein within a given category, conditions with more specificity have higher precedence than conditions with lower specificity.
Unknown
July 28, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.